Managing Risk

The UN Archives has developed this guidance to provide an overview of information risks in the context of managing records. It provides a snapshot of information and records risks and proposes potential risks mitigation strategies. This page also provides links to more detailed guidance on risks arising from managing sensitive information, as well as business continuity risks such as the damage or loss of records and information from disasters or major systems failure.

Understanding the information risks of a specific programme through a comprehensive assessment of its records and information management activities, allows offices to plan for their mitigation. A strong records management regime should be one of your primary risk-mitigation strategies. A risk-based approach to records and information management has the potential to deliver benefits, ranging from enhancing an Organisation’s performance to improving the strategic use of information. Managing records and information risk is also directly related the accountability of staff members and the Organization at large.

This guidance is intended for information and programme managers in information technology or substantive areas seeking to reinforce their information management capacity and the accountability framework for their core activities.

Guidance on Information Security Risks

An important aspect of managing risk is managing information security. Records and information are important assets of the United Nations, and sound procedures for the protection of the information sensitivity and security are critical for the proper management of the Organization’s records. Information sensitivity relates to the level of confidentiality of the information within the United Nations.

The appropriate handling of sensitive information is crucial to the success of the Organization and its operations throughout the world. Information security relates to the protection of the information, including access controls. Information security also ensures that the information is available when needed and that its integrity is maintained, i.e., that it is not altered or inappropriately disclosed.